← Back

CVE-2024-43694

nvd nist
Published: Sep 26, 2024Modified: Oct 7, 2024

JSON object

Loading...
5.1
Vector
CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: ics-cert@hq.dhs.gov (Secondary)

Description

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.

Affected (1)

Products: Gotenna: Atak Plugin
Gotenna
1 product
Atak Plugin
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Atak Plugin
Before 2.0.7

Related CWEs

CWE-922
Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (1)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.